Umesh Verma, President and CEO of Blue Lance Cyber-Security, is here to discuss the importance of fighting cyber attacks from the inside out.
Please excuse any typos in this hasty transcript.
Jay Curry: Welcome back Texas. Welcome to Texas Business Radio. Wow, we’re having fun today. We’re talking technology, and in this segment, it’s going to be hot. We’re talking about cyber security. Folks, if you’re involved in a business in any way, you need to be listening to this one, it’s going to be good. But before we get started, let me remind you that our website is texasbusinessradio.com, it’s all there, put your pencils down, relax. You can go there, get everything you want, all in high definition color.
We also monitor #tbr if you want to send us a tweet, #tbr as in Texas Business Radio. Then of course, we have our famous 24-hour hotline, that’s right, we got a red phone by Matt’s desk, and we have one by his bed, we have one in his car, he will get it, we will get the answer, we’ll get the specialist on, and we will get you your answer on the air. That number is 844-814-8144. All right, this is Jay Curry, your host for this segment. Let’s get right into it, because this is going to be a hot one. I have in the studio with me, Umesh Verma, president, CEO of Blue Lance Cyber Security. Wow, Umesh, thank you for joining us.
Umesh Verma: Good morning.
Jay Curry: This is going to be fun. So tell us what is Blue Lance Cyber Security all about?
Umesh Verma: Blue Lance Cyber Security is all about protecting businesses from cyber thieves. What we do is we help companies protect themselves from the inside out, which is different from the bulk of what others do which is they focus in on the perimeter, and external actors.
Jay Curry: This is really a differentiator, and a different slant that I’ve frankly not heard, and I’ve heard a lot in this area. I really like that, so give me a little more, what do you mean inside out?
Umesh Verma: Right, so you know historically, just put it in perspective, historically, everybody focuses on the perimeter and keeping bad guys out. However, it’s a lot like health, we get up in the morning, and there’s hygiene that we do. We practice hygiene like brushing our teeth, and showering, and shaving, clipping our nails, et cetera, et cetera. The reason we do that is because we want to one, ward off infections, and secondly, if we do get sick, we bounce back faster. It’s an issue of resilience. Much like that, we practice hardening a corporation in from the inside out. It has historically been the place of least practice. Most companies which have probably … companies especially with less than 500, up to 1000 employees have a lot of poor internal security control practice. The hygiene is poor.
We help them practice and put in internal security controls from the inside out. Things like … I’ll give you three areas for example. Most companies have excessive privileges, they have lots of users with excessive privileges, they have lots of users with dormant accounts with tremendous privileges, and they have poor credential management.
Jay Curry: Wow. Give me an example what you mean by outside first. That’s what most people are doing is just what?
Umesh Verma: The external hacker.
Jay Curry: Yeah.
Umesh Verma: Someone sitting outside the organization trying to break in, that’s from the outside in.
Jay Curry: The reality is that companies have gotten pretty good at putting that wall up, but there are ways though that you can get on the inside by by-passing that.
Umesh Verma: Yeah, so the outsider actually now can go down to the dark web, and with the recent breaches, very, very high profile breaches like we have all heard in the press, the Yahoo breach, which had lost billion records of credentials, people’s credentials those are user IDs, and passwords, the Equifax breach, people’s credit files are all out there, so now you take that, you can buy that stuff from the dark web for less than a dollar a record, so in essence I can go out now with the Equifax breach, and the Yahoo breach and buy credentials for everybody that’s a systems administrator that works for-
Jay Curry: You name it.
Umesh Verma: … for whatever industry with less than 500 employees.
Jay Curry: Yeah.
Umesh Verma: I cross-match that, and now I have people’s user IDs and passwords, and most people, and this is a piece that your listeners should be quite aware of, or should be made aware of that, is that we as small business people typically use the same variant of our password.
Jay Curry: Right.
Umesh Verma: We may move a decimal, or an exclamation mark, or whatever here or there, but that’s the same variant. The other thing is that we have credentials, we use the same credentials in our businesses as we use in our personal lives. Our bank accounts will have the same passwords as our application to our email systems for example.
Jay Curry: Exactly. Wow. The inside out is really different, because you’re getting to what’s happening now. I mean, they’re getting very, very sophisticated about this stuff. Now, you started in the regulatory business, which adds a lot of credential in itself, now though, you are focusing on what industries? I mean, companies 500 to 1000 employees, or less, which is a unique … most cyber companies are just wanting the big boys, but the reality is, where the spammers, and scammers are really penetrating is now the $20 million company that has 40, 50, 60 hundred employees. That’s becoming your specialty now.
Umesh Verma: Yeah, so thanks for bringing that up. Our technology was built, and we built it over the years, over the last 25 years, primarily servicing regulated industries like finance and banking that have … and health care, and a few … education and government that have very mature requirements for internal security. Now, what has happened is that the small business man always felt like, “What do I have to lose to a hacker that comes in? I carry most of it around in my head. I know my customers on a personal basis. What are they going to do with it? What are they going to need?” But that has changed, because the first thing they’ll do is drop in malware and zip your drive up, and you get this fancy little screen that says, “You know what? I’ve just locked you out, and you can’t get into your systems, so pay me ransom.”
Jay Curry: Right.
Umesh Verma: So ransomware is a big problem, malware is a big problem, account takeover, where they take over your account from the outside, they go in and masquerade like you. If you’re a business owner, you typically have never subjected yourself, and your IDs, or your employees to monitoring, in fact, we’re finding that 73% of the companies under 500 employees don’t ever monitor their users, or the credentials.
Jay Curry: Seventy-three percent.
Umesh Verma: Seventy-three percent.
Jay Curry: The IRS now tells you, “Okay, you can call us, but in reality you got to pay the ransom.” I mean, it’s that strong.
Umesh Verma: Right.
Jay Curry: Now, this is all about software, LT Auditor … and tell me a little bit about how you’re doing this. You’re not bringing a lot of equipment in, you can do this remotely.
Umesh Verma: Absolutely. We have a Commercial Off-The-Shelf product, it’s called COTS, typically the government calls it a COTS good. It’s Commercial Off-The-Shelf, C-O-T-S. We sell it over the internet, it’s distributed over the internet off of bluelance.com, that’s my company, www.bluelance.com. You get there, you can download the software, you can take your videos, you can learn all about us, and then, you install it on your server, and then, you deploy what’s called agents, software agents, so no hardware involved, no nothing. It’s purely software. It’s deployed across workstations, servers, desktops, laptops, to the extent that you want to assess, and monitor.
Jay Curry: Now that you’ve broken down from the big boys, and regulated banks, and financial to these smaller industries, you’re offering a free service, free scan or something, tell me what that’s all about. I think our listeners would like to know about this.
Umesh Verma: Yeah, so we’ve extended our monitoring, and compliance technology, and we’ve come out with a free scan. This is a very light-weight scan that is dropped in, and within … onto your computer, and so long as you have connectivity to your network, you don’t even have to install it on your server, you just install it on your workstation, and if you have connectivity to your network, you run this scan in five minutes or less, and we’re able to gather up to 1000 credentials, and give you a report card. Much like the old brake-check report card, 15-point brake-check.
Jay Curry: Yep, I love it though.
Umesh Verma: We give you a cyber security internal security control cyber hygiene scan report. Twenty-five points all coded red and green, and we give you how you compare, how your settings compare to best practices.
Jay Curry: And you’ll do that for free?
Umesh Verma: Yes.
Jay Curry: Okay.
Umesh Verma: That first scan is free.
Jay Curry: Then you will also consult with them for them to understand where they’re exposed.
Umesh Verma: Yeah, we’ll do what’s called a read-out, and all of this can be done remotely. It’s over the phone, and over the web.
Jay Curry: It’s painless, and it’s free, let’s take that first one.
Umesh Verma: Let’s take that first one.
Jay Curry: Tell me, Umesh, how does someone get ahold and learn more. I know you mentioned it, but mention it again.
Umesh Verma: Sure, you call … well first of all, over the web, www.bluelance.com, and right from there on the homepage you have this banner that says, “Get your free assessment.” You click there, schedule it, you put in your date and time, you tell us when you want it, we will be in touch with you, and we’ll schedule the scan.
Jay Curry: Clear and easy, you’ve made it really easy.
Umesh Verma: Right.
Jay Curry: All right folks, we’re going to have to take a break to pay a few bills, but we’re talking about technology, very interesting stuff, stick with us, don’t go anywhere, we’ll be right back.
Jay W. Curry
Along with hosting “Texas Business Radio”, Jay is a Professional Certified Coach and Master Chair facilitating four Houston-based Vistage peer groups. In addition to being a best-selling non-fiction author, the 2015 release of his award-winning novel, Nixon and Dovey: the Legend Returns, adds novelist to his title. Jay holds a BS in Mathematics from Oklahoma State and an MS in Computer Science from Kansas State.